mark.stephens
Beginner

AD groups, wireless/VPN restrictions ACS4.0

Hi,

I have a situation where I have 2 groups in ACS called wireless and VPN. I have successfully mapped these to 2 AD groups called the same.

My requirement now is to restrict the wireless users so that they can only authenticate through an access point and not the VPN.

How would I achieve this bearing in mind I can restrict on IP address as they are all in the same subnet?

Is there any way to configure, say, user1 so that they will only be able to connect via the wireless?

ethiel
Participant

If you go to Interface Configuration -> Advanced Options, there is an option "Group-Level Network Access Restrictions". If you check that, then under each group you can define what devices members can authenticate on. For your VPN group, only allow them to access your VPN devices, and for your wireless group, only allow them to access your wireless devices.

-Eric

Please remember to rate all helpful posts.

Great. I am working on the exact same solution; you answered my question.
